Sign In
Create Account
0
I found other threads on this subject and they all want the report from
Win32kDiag.exe
so here it is. Any help most welcome
Running from: C:\Documents and Settings\Gerry\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Gerry\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Found mount point : C:\WINDOWS\$hf_mig$\KB894391\KB894391
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB894391\KB894391
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Found mount point : C:\WINDOWS\$hf_mig$\KB925720\KB925720
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB925720\KB925720
Found mount point : C:\WINDOWS\$hf_mig$\KB932823-v3\KB932823-v3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932823-v3\KB932823-v3
Found mount point : C:\WINDOWS\$hf_mig$\KB938127-IE7\KB938127-IE7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB938127-IE7\KB938127-IE7
Found mount point : C:\WINDOWS\$hf_mig$\KB944338-v2\KB944338-v2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB944338-v2\KB944338-v2
Found mount point : C:\WINDOWS\$hf_mig$\KB950749\KB950749
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB950749\KB950749
Found mount point : C:\WINDOWS\$hf_mig$\KB956390\KB956390
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB956390\KB956390
Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844
Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\addins\addins
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP318.tmp\ZAP318.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP318.tmp\ZAP318.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C4.tmp\ZAP7C4.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C4.tmp\ZAP7C4.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E6.tmp\ZAP7E6.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E6.tmp\ZAP7E6.tmp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d1\d1
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d2\d2
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d3\d3
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d4\d4
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d5\d5
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d6\d6
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d7\d7
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d8\d8
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\classes\classes
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\Options\CABS\CABS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Options\CABS\CABS
Found mount point : C:\WINDOWS\Options\Install\Install
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Options\Install\Install
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News
Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5599132effaee562760dce29f8ca8491\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5599132effaee562760dce29f8ca8491\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b0264899240408ce315fe572c84c0e59\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b0264899240408ce315fe572c84c0e59\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c286b650f35378bdc0c45de56f787772\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c286b650f35378bdc0c45de56f787772\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1025\1025
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1028\1028
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1031\1031
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1037\1037
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1041\1041
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1042\1042
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1054\1054
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\2052\2052
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\3076\3076
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1275210071-920026266-725345543-500\S-1-5-21-1275210071-920026266-725345543-500
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1275210071-920026266-725345543-500\S-1-5-21-1275210071-920026266-725345543-500
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2897092696-777229760-3084087753-500\S-1-5-21-2897092696-777229760-3084087753-500
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2897092696-777229760-3084087753-500\S-1-5-21-2897092696-777229760-3084087753-500
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-545241005-3319204467-2019157939-1005\S-1-5-21-545241005-3319204467-2019157939-1005
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-545241005-3319204467-2019157939-1005\S-1-5-21-545241005-3319204467-2019157939-1005
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{28C977F9-307B-4A72-A9B5-14C69AF3F579}\{28C977F9-307B-4A72-A9B5-14C69AF3F579}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{28C977F9-307B-4A72-A9B5-14C69AF3F579}\{28C977F9-307B-4A72-A9B5-14C69AF3F579}
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba\pcdiag\v3.0\Logs\Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba\pcdiag\v3.0\Logs\Logs
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\dhcp\dhcp
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-10 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 10:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 10:11:53 62464 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 10:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\export\export
Cannot access: C:\WINDOWS\system32\MRT.exe
Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\sample\sample
Found mount point : C:\WINDOWS\system32\Search\Data\Applications\Windows\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\Search\Data\Applications\Windows\Config\Config
Found mount point : C:\WINDOWS\system32\Search\Data\Applications\Windows\Projects\SystemIndex\Save\Save
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\Search\Data\Applications\Windows\Projects\SystemIndex\Save\Save
Found mount point : C:\WINDOWS\system32\Search\Data\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\Search\Data\Temp\Temp
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe
Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\wins\wins
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\xircom\xircom
Found mount point : C:\WINDOWS\Temp\AVSETUP_4a101c2f\AVSETUP_4a101c2f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\AVSETUP_4a101c2f\AVSETUP_4a101c2f
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Finished!
-
This topic is locked
Back to top
#2
Posted 01 October 2009 - 12:23 PM
-
- Experts
-
- 10,166 posts
I Love Andriana
- Gender:Male
- Location:Bulgaria, EU
- Interests:Information security and web development
Greetings 
.
If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:
If you aren't able to use those instructions or there are other issues then please follow the instructions here:
I'm infected - What do I do now?
And post your logs in a new topic here:
Malware Removal - HijackThis Logs
Please be sure not to install any software or use any removal or scanning tools except those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.
note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.
.If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:
- Windows Police Pro
- CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX
- Total-Security (FakeAlert)
- av360 (Fakealert)
- SystemSecurity
If you aren't able to use those instructions or there are other issues then please follow the instructions here:
I'm infected - What do I do now?
And post your logs in a new topic here:
Malware Removal - HijackThis Logs
Please be sure not to install any software or use any removal or scanning tools except those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.
note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
